Ogenstad.net

Security Stories and Help with Network Documentation

Once upon a time this used to be my blog. For current updates head over to Networklore.

About / Stories / Contact

  • GitHub
  • LinkedIn
  • RSS
  • Twitter

Powered by Genesis

PayPal’s Security Question

May 4, 2006 by patrick.ogenstad Leave a Comment

I was setting up a personal PayPal account today and during registration want me to provide answers to two “secret questions”. This is nothing new and usually I just do what Bruce Schneier talks about it his curse; enter gibberish.

Feeling very clever I press the signup button, the result:

Your information is incomplete or incorrect. Please correct the fields below and try again:

  • You may not enter numbers in your mother’s maiden name.
  • You must enter exactly four numbers or letters for the last four digits of your driver’s license number.

What could possess anyone to do this? This is just plain stupid. PayPal’s password policy forces you to have eight or more characters, but the secret question for your driver’s license doesn’t allow you to have more than four characters.

[tags]security, passwords, authentication[/tags]

Filed Under: Security

Leave a Reply Cancel reply

You must be logged in to post a comment.